Support » Fixing WordPress » Clarifying wp-pass and wp-register questions – hacked

  • Resolved AlisonMooreSmith


    I posted a question (item 2) in another thread. esmi responded that I needed to follow the advice in another thread about the hack and then closed the comments, so I can’t clarify there. :/

    As I said in the second thread, I am following the advice she gave there. But the question in the thread linked above is a different question and I’m hoping for a response, so I can try to UNDERSTAND the problem as presented to me. I am working through those posts, but I want to understand and verify what I’ve been told and, hopefully, prevent this problem from happening again.

    I’ll try to be more clear about my questions.

    (1) Are wp-pass.php and wp-register.php files that only appear in older versions of WordPress? (I am using the current version on this multisite.)

    (2) How would these files be “injected” into my root folder?

    (3) What kind of security breach, if any, would these two folders introduce?

    (4) Would setting permissions on these two files to 0 (or 000) remove the breach? (I was hacked again after I changed the settings.)

    (5) I was told that removing the problematic files won’t solve the problem because “the perpetrators will just turn around and replace them getting past the current version of WordPress.” If a perpetrator can create files in my root folder, then how will changing permissions on those two files STOP them from creating files in my root folder.

    Hope that clarifies what I’m trying to understand. Please rest assured, I am following the advice. I’m just trying to understand the issues.

Viewing 2 replies - 1 through 2 (of 2 total)
  • esmi


    Forum Moderator

    1. No They are in the current version of WordPress. If you download a fresh copy (as suggested in the links I posted previously), you would have seen these files for yourself.

    Q2 & Q3 are now moot.

    4. No. Those files have nothing directly to do with your hack.

    5. You cannot remove the files. WordPress will cease to function correctly.

    esmi, thank you for your help. I am not trying to be a bother or problem to you and wish you were not upset at my questions.

    As I said, I AM working through those steps. For some of us doing these things are more difficult than they are for you. And doing them on a multisite is even more difficult. I have someone helping me go through the steps and am trying to gather as much info as I can based on what I was told so that when we work together, I will have the needed info.

    Since I was told the files were “injected” into my install, I have no way of knowing what part of an install is correct and what part is “injected.” So — unless I understand something of what is going on — looking at the installed files won’t tell me whether the files are supposed to be there or not.

    Thank you for your assistance.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Clarifying wp-pass and wp-register questions – hacked’ is closed to new replies.